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Introduction 

Homotopy type theory is based on the discovery that formal depen- 
dent type theory has a natural homotopy-theoretic interpretation ([Voe06], 
[AW09]). Since a number of interactive proof assistants implement versions 
of dependent type theory, these observations open the possibility of devel- 
oping parts of homotopy theory formally with the help of such assistants; 
see [PW12] for a helpful overview. 
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In this spirit, we carry out a number of honiotopy-theoretic constructions 
in a core system of homotopy type theory. In particular, we define and 
investigate (homotopy) pullbacks, equahzers, hmits over graphs, pointed 
spaces, and fiber sequences. The entire development is formalized with the 
Coq interactive proof assistant. 

Besides the formalization itself, we also compare the semantics of type 
theory with fibration categories, a standard homotopy-theoretic setting for 
the construction of homotopy limits. 

We should mention that many of the facts we present below are already 
known in folklore; in any case, none of them will be unexpected to researchers 
in the field. Egbert Rijke and Bas Spitters [RS13] have also independently 
investigated limits and colimits over graphs within a similar type theory. 
We hope it will prove useful, however, to have a systematic treatment of 
these basic results, fully formalized in Coq and available as a library for 
future use. We also hope that the practical lessons we learned during the 
formalization process may useful to others. 

Our Coq development builds on a library for homotopy type theory de- 
veloped jointly by various people, under the leadership of Andrej Bauer, 
Lumsdaine, and Michael Shulman [HoT]. Another extensive library has 
been developed by Vladimir Voevodsky [Voc], and some of our verified re- 
sults overlap his. 

Outline. In Section 1, we set out the formal framework of our work: the 
type theory under consideration, and its intended interpretation. In Sec- 
tion 2, we review some background on the type-theoretic development of 
homotopy theory, and use it to show that every categorical model of the 
theory carries the structure of a fibration category. Section 3 presents the 
main body of our formalization: a concise treatment of the content, in tra- 
ditional mathematical prose. Finally, in Section 4 we share some reflections 
on practical aspects of the formalization process. 

Our formal development in Coq can be found online at 

https : //github . com/peterlef anulumsdaine/hott-limits/. 
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1. The logical setting 

In this section, we first lay out the specific logical system in which we will 
work; we then review its intended semantics, insofar as they are relevant to 
working within the theory; finally, we fix the basic notation and terminology 
we will use, based on the intended semantics. 

1.1. The theory under consideration. We assume familiarity with pred- 
icative dependent type theory, often known as Martin-Lof type theory [ML84]. 
The following types, and associated rules, form a minimal core to that sys- 
tem: 

(1) dependent products Hx.aB, and the associated introduction, elimi- 
nation, and computation rules 

(2) dependent sums Yi^-.aB, and the associated introduction, elimina- 
tion, and computation rules 

(3) identity types Id^, and the associated introduction, elimination, and 
computation rules 

Most developments in homotopy type theory add at least the following 
rule: 

(4) function extensionality: for any type A, any type B depending on 
X : A, and functions f,g : HxaB, if fx = gx for every x : A, then 
f=9- 

The system based on these rules is used in [AGS 12], where it is denoted 
by H; it also forms a sufficient basis for much of the present formalization. 
Some constructions, in addition, depend on: 

(5) the type Nat of natural numbers, with the usual introduction, elim- 
ination, and computation rules, 

from which the empty type, unit type, and other finite types can be defined; 
and finally, some of our definitions presuppose the existence of: 

(6) a universe U of types, containing Nat, and closed under the formation 
of dependent products, sums, and identity types. 

We use quantification over the universe to define the universal properties 
of pullbacks and limits, but also give equivalent formulations that do not 
make use of such a universe. 

Besides these, the version of Coq we used implements //-conversion for 
functions, Xx.fx = /, as a built-in conversion rule. As a propositional 
equality, it is derivable from function extensionality, so we do not believe 
its use is essential; however, since it is unavoidably present in the proof 
assistant, we include it in our formal theory. 

In sum, if we take axioms (l)-(3) to represent the core of Martin-Lof type 
theory, ML, it is then reasonable to denote our overall framework as 

ML + (funext) + (r?) + (Nat) + (U). 

For brevity, we refer to this in the present paper as Ti'; thus the mathematical 
content of our work is that the constructions and assertions of Sections 2 
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and 3 are consequences of that formal theory. As noted above, however, 
most of our results do not require Nat, and many do not require U. 

We do not consider in the present work extra axioms such as Univalence, 
resizing, or higher inductive types. 

One final comment about the formal verification: rather than providing 
Id, Nat, Bool, and so on individually, Coq provides a general mechanism 
for defining inductive types, which these are then defined as instances of. 
However, the resulting eliminators for these types correspond precisely to the 
rules for them described above. Coq also provides (dependent) record types, 
as syntactic sugar for certain inductive types; in some cases, using record 
types made type checking more efficient, and brought notational benefits as 
well. As these may be routinely translated into (iterated) S-types, their use 
has no bearing on the question of derivability in %' . 

1.2. Semantics. 

1.2.1. General algebraic semantics. The fully general semantics of depen- 
dent type theories are, from a purely algebraic point of view, well-understood. 
Essentially, a model of a dependent type theory T with the same basic judge- 
ments and structural rules as T-i' may be defined as a contextual category — 
that is, a category equipped with structure sufficient to model the structural 
rules of the theory — along with further algebraic structure corresponding 
to the particular logical constructors under consideration. For the details of 
this definition, see [Str91]; for brevity, we will refer to such a structure as a 
categorical model of T. 

The justification for calling such structures models comes from the fact 
that the syntax of the theory forms an initial such structure: 

Definition 1.2.1. Given any dependent type theory T, the syntactic cate- 
gory C(T) is given as follows: 

• objects of C(T) are contexts [xi'.Ai, . . . , x^-An] of T, up to defini- 
tional equality and renaming of free variables; 

• maps of C(T) are context morphisms (a.k.a. substitutions), again up 
to definitional equality and renaming of free variables. That is, a 
map 

/: [xi:Ai, ..., Xn-An] — ^[yr.Bi, ..., ym-Bm{yi, ■ ■ ■ ,ym-i)] 

is represented by a sequence of terms 

xi:Ai, ..., Xn-An \- fi: Bi 



Xi'.Ai, . . . , Xn'-An I Jm '■ -Dmi/lj ■ ■ ■ i Jm—l)- 

Moreover, C(T) may naturally be given the structure of a contextual 
category; for each logical rule of T, C(T) carries the corresponding algebraic 
structure. 
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Fact 1.2.2 ([StrDl]^). C(T) is initial among categorical models o/T. 

Thus any other categorical model C has a canonical structure-preserving 
functor from C(T) — that is, an interpretation function, interpreting the syn- 
tax of T in C. 

1.2.2. Homotopical sem,antics. Honiotopy type theory is based on the real- 
ization ([HS98], [AW09], [vdBG12], [VoclO]) that various homotopy-theoretic 
settings give natural examples of such categorical models. Very roughly, a 
type A denotes a space; a family B{x) of types, indexed over A, denotes of 
fibration over A; a term t(x) of type B, with variable x of type A, denotes 
a continuous map from A to B, and so on. 

The main motivating interpretation, for us, is the model in simplicial 
sets — one of the most well-studied models of spaces in homotopy theory. 
The full details of this interpretation are rather technical, so since we never 
require them, we omit them here; see [KLV12] for a complete presentation 
of the simplicial set model, and [Shul2] for more general related models. We 
sketch here just the main ingredients of the interpretation, insofar as they 
justify the intuition and terminology for working within the theory. 

In this model, closed types (and, more generally, contexts) are interpreted 
as Kan complexes; dependent types, as Kan fibrations. Most type formers — 
Il-types, S-types, Nat, etc. — are interpreted as in the more familiar topos 
logic: Il-types by the right adjoint to pullback, E-types by the left, Nat by 
the natural numbers object, and so on. 

The main novelty, however, is the interpretation of the identity type 
ldyi(x, y) with variables x and y from A. In set- and topos-theoretic models, 
one would interpret it as the diagonal map A — ^A x A. However, in simpli- 
cial sets (and other homotopy-theoretic settings) this map is hardly ever a 
fibration. It can, however, be replaced by a fibration P{A) — ^^4 x A, where 
P{A) is the path object of A; this is then used to interpret the identity type 
of A. Thinking of a simplicial set as a space, P{A) represents the space of 
paths in A, with the fibration P{A) — ^A x A giving the indexing of paths 
over their endpoints. In particular contrast to the set-theoretic situation, 
for given x,y : A the space P{A){x,y) of paths from x to y may be not 
merely a proposition, but a non-trivial space in its own right. 

1.3. Notation and terminology. The homotopical interpretation has guided 
the various choices of notation and terminology we use in the presentation of 
our development. In particular, we use notation p : {x -^ y) for the identity 
type to indicate that we would like to think of it as the type of paths from x 
to y. The Homotopy Type Theory library provides both the notations x = 
y and x ~> y for this type, and while working in Coq, we prefer to use the 
former rather than the latter. However, in the informal presentation below. 



Unfortunately, to our knowledge, no general form of this result exists in the literature; 
it is shown for certain specific type theories in [Str91] and elsewhere, and its extension to 
other combinations of the standard rules (such as H') is well-known in folklore. 
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we find it most natural to understand our constructions as constructions of 
paths, rather than equality proofs; and so we have settled on using the latter 
notation, and favor the word "path" over "equality." 

In other respects, however, we have found it more convenient to leave 
the homotopy-theoretic interpretation implicit. For example, the natural 
definitions of pullbacks, equalizers, and limits in type-theoretic notation turn 
out to characterize homotopy pullbacks, homotopy equalizers, and homotopy 
limits in the homotopy-theoretic interpretation. Having kept the notion of 
"path" prominent, sprinkling the word "homotopy" everywhere seemed to 
impose an unnecessary burden; thus, both in code and in prose we refer 
just to "pullbacks," "equalizers," and "limits." (This is customary in higher 
category theory (see, e.g., [Lur09]), when one uses, for example, the word 
"limit" for an object that in strict terms is merely a homotopy limit.) 

For the sake of readability, we will use standard mathematical terminology 
and notation in Sections 2 and 3, rather than attempting to adhere closely 
to the notation used in the Coq code. The following table lists some of 
the basic notions of our development, comparing the notations used in our 
presentation here with those used in the Coq formalization: 



informal 
notion 


mathematical 
notation 


Coq 
notation 


p is a path from x to y 


p-.ix-^y) 


p : X = y 


the identity path at x 


refl(a;) 


idpath X 


the concatenation of p and q 


p.q 


p ® q 


the inverse of p 


P 


!P 


B is a fibration over A 


B^A 


B : A -> Type 


the total space of B over A 


^x:AB{x) 


{ X : A & B X } 


the dependent product of B over A 


Tia^:AB{x) 


forall X : A, B X 


e is an equivalence from ^4 to i? 


e: A^B 


e : A <~> B 


the inverse of e 


e-' 


e--l 


a universe of smah types 


U 


UU 


the natural numbers 


Nat 


nat 



As usual in homotopy type theory, we represent logic using propositions- 
as-types, with implication, conjunction, and universal and existential quan- 
tification interpreted in terms of function, product, H-, and S-types respec- 
tively. Thus, for example, the functional extensionality axiom (Axiom 4 in 
Section 1.1 above), is formally a constant of type: 



funext 



n n ([i(^f^^9x))^{f-^g). 



A-.Type f,g: U B{x) x:A 
S:A— >Type x:A 



Notice that E-types provide a useful way of "packaging" related pieces of 
data into a single type: to illustrate this, consider Definition 3.1.5 below. 
Formally, a cospan consists of types A, B, and C, and maps / : A — s- C, 
g: B — ^C. Given a type X, a cone over this cospan with vertex X consists 



HOMOTOPY LIMITS IN COQ 7 

of maps h: X — ^A and k: B — ^C, and a family of paths {f{hx) ~^ g{kx)) 
for each x in X. In other words, such a cone is an element of the type 



E n(/(^^)^5(^^))- 



h:X->-A x:X 
k:X^B 

Thus our formal definition in Coq reads as follows: 

Definition cospan_cone {ABC: Type} (f : A -> C) 

(g : B -> C) (X : Type) 
:= { h : (X -> A) & { k : (X -> B) 

& forall X, paths (f(h x)) (g(k x)) }}. 

The curly braces around the arguments A, B, and C indicate that these are 
treated as implicit arguments. This means that the user may write just 
cospan_cone f g X, leaving the system to infer A, B, and C from the types 
of f and g. Sometimes one needs to turn this feature off, and specify such 
arguments; writing @cospan_cone A B C f g X tells Coq to expect all the 
arguments of cospan_cone to be given explicitly. 

2. Fundamental constructions 

In this section and the next, we develop the basic theory of homotopy lim- 
its and related notions in %' . We have already explained, in Section 1, how 
the basic ingredients are represented in the language of Coq, and complete 
details of the whole development can be found in the files comprising our 
formal verification. Especially in Section 3, therefore, we will generally only 
sketch most proofs, leaving out steps that are straightforward and routine 
(and even some that are not). 

2.1. Background from homotopy type theory. Our formal work builds 
on the HoTT library [HoT] for homotopy theory developed by Bauer, Lums- 
daine, Shulman, and others. We begin by summarizing some of the basic 
components of this library that are used throughout. 

2.1.1. Operations on paths. Given any x,y : X, we write p : {x -^ y) to 
denote the fact that p is a path from x to y. For every x, there is an "identity 
path" refl(a;) : {x -^ x). The central property characterizing the type of 
paths is its elimination principle, which says roughly that to construct an 
object of a type C{x,y,p) depending on a path p from x to y, it suffices to 
construct an element of C{x, x, refl(x)), in which p has been "contracted" to 
an identity path. 

Paths admit various operations familiar from homotopy theory and higher 
category theory. Any two paths p : {x -^ y) and q : {y -^ z) can be concate- 
nated, yielding a path p . q : (x -^ z). Moreover, refl(x) : (x -w x) is a unit 
element for this operation, and every path admits an inverse p : {y -^ x). 
These operations satisfy the groupoid laws, but, as in homotopy theory, only 
up to a higher path. For example, we can find an inhabitant of the type 
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{p.p-^ refl(2;)). In fact, every type, together with the tower of its paths, 
forms an cx)-groupoid of some sort; (precise statements along these hnes can 
be found in [vdBGll], [Lum09]). 

Moreover, the maps between types respect the paths and the structure on 
them. That is: given any p : (x ~-^ y) in X and / : X — ^Y, we obtain a path 
f[p] ■ (/(^) "^ fiy))'j ^-iid this is functorial, in the up-to-homotopy sense that 
there is, for example, an inhabitant of the type {f[p . q] -^ f[p] . f[q]). 

2.1.2. Equivalences and h-levels. The notion of paths allows us to recover 
several familiar notions from algebraic topology. 

We can, for example, say that a type X is contractible if there is some 
xq : X, and a function giving for each x : X a path (x -w xq). One can also 
construct the homotopy fiber of a map / : X — ^Y over an element y : Y by: 



hfib(/,y):=^(/(x)-2/). 



x:X 

Given these we say that a map / : X — >-Y is an equivalence if for ally :Y 
the homotopy fiber of / over y is contractible. The HoTT library provides 
many crucial results on equivalences. For example, a map is an equivalence 
if it has a two-sided inverse (up to homotopy) , or alternatively two one-sided 
inverses. We will return to these points in more detail in Section 2.2. 

Another notion that smoothly transfers from algebraic topology to HoTT 
is the notion of an n-type. Classically, an n-type is a space whose homotopy 
groups vanish above dimension n. In HoTT we define a similar hierarchy, 
although with the indexing shifted by 2. The reason for this shift is simply 
that, formally, natural numbers are easier to deal with than integers greater 
than or equal to —2; in particular, in an interactive theorem prover, one can 
make use of the standard inductively defined type of natural numbers. 

Precisely, h-levels are defined by induction. A type X is of h-level if it 
is contractible; and of h-level n + 1 if for all x,y : X, the type (x -^ y) of 
paths from x to y is of h-level n. Thus in particular, types of h-level 1 may 
be considered as propositions, carrying no more information than the fact of 
being inhabited; and types of h-level 2 are (up-to-homotopy) discrete sets. 
We call such types h-props and h-sets respectively. 

2.1.3. Functional extensionality. Given two types X and Y, the type X —^ Y 
of maps between them can be equipped with the notion of a path (or rather, 
a "homotopy") in two different ways. First, for any f,g: X — ^Y, one can 
form (/ ^> (?), in the usual way. On the hand, one can also compare two 
functions pointwise, asking for an element of Hx-x (/(^) "^ 9{x))i ^^ call 
such a function h a homotopy from / to g, and write h : f ^ g. 

Given any p : {f -^ g),hy the elimination principle for paths, we obtain an 
element of the type f ^ g. The functional extensionality axiom assert that 
this assignment is an equivalence; that is, that given a pointwise homotopy 
between two maps, we can always find a path between them in the function 
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type inducing the original honiotopy. More generally, functional extension- 
ality asserts this equivalence between paths and homotopies in dependent 
function types Ylx-A^i^)- 

2.1.4. Dependent sums. The interaction between dependent sums and paths 
is crucial in our work. Let B{x) be a type depending onx : A. It is easy to see 
that then a path p : (a -w a') in A induces an equivalence p\ : B{a) — ^B{a'), 
which we call transport between fibers. As everything before, this commutes 
appropriately with the operations on paths; for example, for any p : (a -^ a') 
and q : {a' -^ a"), and b : B{a) we have {{p . q)\b -^ q\{p[b)). 

This also provides a means to construct paths between two elements of a 
S-type. Given a path p : ((a, b) --^ (a', b')) in a X^x-a -^(^)> '^^ S^t a pair of 
paths: pi : {a -^ a') and p2 : {ipi)\b -^ b'); and conversely, given such a pair 
of paths, we can recover the original path p. This construction is ubiquitous 
in the formalization, since so many objects are defined using S-types; for 
more discussion, see Section 4.3 below. 

2.2. Fibration categories from type theory. In this section, we show 
that any categorical model of Ti' (including its syntactic category) satisfies 
the axioms of a fibration category, following the lines of results such as 
[GG08], [Lumll]. 

The result follows from a combination of internal reasoning — proving cer- 
tain statements in the type theory — and external (meta-theoretic), showing 
how in models, the internal statements translate into the desired axioms. 
Since we will be switching back and forth frequently between these two dif- 
ferent logical settings, we use sans serif text to distinguish the internal reason- 
ing from the external. After this, we look at how some standard properties 
of fibration categories translate in terms of the type theory. 

The internal parts of this section are formalized in the file Fundamentals . v. 

We start by recalling the definition of a fibration category (for more on 
which, see [Bro73], [Bau89]): 

Definition 2.2.1. A fibration category is a category C together with two 
distinguished classes of maps, W {weak equivalences) and T (fibrations) sat- 
isfying the following conditions: 

(1) Weak equivalences satisfy 2-out-of-6 condition; i.e., given a compos- 
able triple of morphisms 

fib 

W — U- X — -^ Y —^ Z, 

'\i g- f and h ■ g are weak equivalences, then so are f,g,h, and h-g- f. 

(2) J^ is closed under composition. 

(3) Calling a map that is both a weak equivalence and a fibration an 
acyclic fibration, all isomorphisms are acyclic fibrations. 

(4) C has a terminal object 1. 

(5) Fullbacks along fibrations exist; fibrations and acyclic fibrations are 
stable under pullback. 
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(6) For any object X G C, the diagonal morphism A : X — ^X x X can 
be factored as a weak equivalence followed by a fibration. 

X—^PX—^XxX. 

(Such a factorization, and by abuse of language also the object PX, 
is called a path object for X.) 

(7) Every object is fibrant; that is, the unique map X — ^1 is a fibration, 
for any X € C. 

Remark 2.2.2. This is slightly stronger than the original definition given 
by Brown, in that it requires the class W to satisfy the 2-out-of-6 axiom 
rather than just the more familiar 2-out-of-3. However, once C satisfies all 
the other axioms, the following conditions are equivalent (the result is due 
to Cisinski; see [RB06, Thm. 7.2.7]): 

(1) W satisfies 2-out-of-6; 

(2) W satisfies 2-out-of-3 and is saturated; that is, if a map zi; of C 
becomes an isomorphism in Ho(C), then w G W. 

In this section we show that any categorical model of H' (in the sense of 
Section 1.2) carries the structure of a fibration category; and so, in partic- 
ular, the syntactic category C(l-L') does. From here on, fix some categorical 
model C of H'. 

For convenience of exposition, we also assume in this section strong rj- 
rules for S-types, so every context is isomorphic to (a context consisting of 
just) a single iterated S-type: for instance, 

[x:A, y:B{x)]^[p:^B{x)]. 

x:A 

This allows us to work just with types, rather than with general contexts. 
However, nothing here depends on that assumption; one may simply replace 
types with contexts and S-types with context extensions, in particular in 
the definition of the fibrations: 

Definition 2.2.3 (Gambino-Garner [GG08]). A map of C is a fibration if 
it is isomorphic to some composite of first projections from S-types, 



E^(^ 



x:A 

Denote the class of fibrations by J-. 

(This is a slight simplification of Gambino and Garner's original definition, 
which also closes J- under retracts.) Note that "isomorphic" here refers 
to the external notion of isomorphism in C, involving definitional equality 
of maps; and so one cannot represent this definition internally in the type 
theory, since definitional equality is not represented by a type. Indeed, there 
is no way of defining these fibrations internally: every statement of the type 
theory respects equivalence, and we see in Lemma 2.2.11 below that every 
map is equivalent to a fibration. 
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Weak equivalences, by contrast, are defined first internally, as in Sec- 
tion 2.1 above: 

Definition 2.2.4 (Voevodsky). A map /: A — ^B is an equivalence if for 
each b : B the homotopy fiber hfib(/, &) is contractible. 

(Note that this is simply a property of /, not extra structure, since being an 
equivalence is a proposition in the sense of Section 2.1.2.) 

Take a map /: A — ^B in C to be in W if "(Ax. f{x)) is an equivalence" 
holds in C. 

With these definitions, we are now ready for the main theorem of the 
section: 

Theorem 2.2.5. C, with W and J- as described above, is a fibration cate- 
gory. 

We consider the various axioms in turn. 

Lemma 2.2.6. W satisfies the 2-out-of-6 property. 

Proof. We first show the analogous statement internally. 

Let /, g, h be composable maps, and suppose f -g and g-h are equivalences. 
Then: 

• {9 ■ /)~^ ■ 5 ■ (^ • g)^^ gives a quasi-inverse for h ■ g ■ f; 

• {h ■ g)~^ ■ h and f • {g ■ f)^^ give left and right inverses for g; 

• {g ■ f)^^ ■ g gives a quasi-inverse for /; 

• 5 ■ (^ ■ 9)^^ gives a quasi-inverse for h. 

This immediately implies the desired external statement, since internal 
and external composition agree. D 

Lemma 2.2.7. Fullbacks of fibrations exist. 

Proof. The pullback of a dependent projection is given by substituting into 
the corresponding dependent type; that is, the following square is a pullback: 

E B{fx) E B{x) 

x:A' x:A 

A' -A 

The two pullbacks lemma implies that pullbacks of their composites then 
also exist. D 

(Note that these really are pullbacks in the strict, external sense, in con- 
trast to the internally defined pullbacks of Section 3.1, which from an exter- 
nal point of view become homotopy pullbacks.) 

Lemma 2.2.8. Given a fibration vri : ^ B{x) — ^A, for any a : A we have 

B(a) ~ hfib(7ri,a). 
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Proof. Take any a : A. For the map B{a) — ^ hfib(7ri,a), send b : B{a) to 
((a, 6), refl(a)). Conversely, send {{a',b),p) : hfib(7ri,a) (where b : B{a') and 
p : {a' -^ a)) to the transported element p\{b) : B{a). The verification that 
these are mutually inverse is straightforward. 

D 

Lemma 2.2.9. Fibrations and acyclic fibrations are preserved under pull- 
back. 

Proof. Preservation of fibrations is clear by construction from the proof of 
Lemma 2.2.7; and for acyclic fibrations, combine this with Lemma 2.2.8 and 
the fact that equivalence preserves contractibility. D 

Definition 2.2.10. Path objects in C are constructed from the identity 
types: 

PA:= Y. (x-^-y) 

x,y:A 



A ^ A X A 

A 

We have now amassed all the ingredients of a fibration category: 

Proof of Theorem 2.2.5. Immediate from the preceding lemmas. D 

Besides the basic structure of a fibration category, we consider a few more 
useful properties from the theory of fibration categories that are satisfied by 
C: 

Lemma 2.2.11 (Factorization Lemma, [GG08, Lem. 11]). For every mor- 
phism f : A — ^B in C, there exists a factorization: 



Pf 





A >-B 

f 

with aj GW and pf £ T . 
Proof. We take 

P/:= J2 Ux-^y). 

y:B,x:A 

and 

'^f{x) ■■= (/x,x,refl(/x)). 
By definition, pj is in T; and it is easy to check that cTf € W. D 

Such (W, J-) factorizations may be constructed in any fibration category. 
In the type-theoretic case, however, they crucially satisfy an additional prop- 
erty, corresponding to the Id-elimination rule: aj is weakly left-orthogonal 
to fibrations. We will not however go into this point here; see [GG08] for 
details. 
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Lemma 2.2.12 (Right properness). The pullback of a weak equivalence 
along a fibration is again a weak equivalence: 



A' ^A 

few 

Proof. The map vr*/ sends a pair (y,6) to {f{y),b); so taking a quasi-inverse 
{g,r],e) for /, we can construct a quasi-inverse for n* f by sending {x,b) to 
{g{x),i]{x),b). 

D 

(Again, this property holds in any fibration category.) 

One may also define cofibrancy, for objects of any fibration category: 

Definition 2.2.13. An object C of a fibration category C is cofibrant if for 
any acyclic fibration p : B — *- A and map / : C — s- A, there is some lifting 
f:C^B: 

B 

f -^ 
/ 

/ 
C-^A. 

When C is a categorical model of "H' (though not in general), we have: 

Lemma 2.2.14. Every object of C is cofibrant. 

Proof. By Lemma 2.2.8 every acyclic fibration admits a section, so we may 
simply take / to be the composite of this section with /. D 

We conclude with a somewhat subtler question. Another condition often 
assumed for fibration categories is that any sequence 

An ^ A^ -« Ao -i , 



in which each fi is a fibration, has a limit, and that moreover the projections 
from this limit are again fibrations. 

This turns out not to be provable in the type theory — in particular, it 
fails in the syntactic category. However, appropriate internally-formulated 
versions of it do hold; this is analogous to the fact that an elementary topos 
may fail to be externally complete, while possessing all limits in the internal 
sense. 

To see how it fails in 0(1-1'), consider the sequence of projections 

1 ^ Nat ^ Nat ^ 



This sequence cannot have a limit, since such a limit would be a N-fold 
product of copies of Nat, and as such would necessarily have uncountably 
many global elements, while C(7i') is countable. 
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However, an internal limit for the sequence exists, in the form of the 
object Nat ^* (working internahy, it does not make sense to ask whether the 
projections are fibrations); and, in some models (e.g. the simplicial model) 
this object turns out to be interpreted as the external limit Hn '^^^• 

3. Limits and applications 

Almost all the reasoning of this section takes place within the type theory; 
we therefore no longer distinguish such material explicitly. 

3.1. Fullbacks and equalizers. Before defining general limits over graphs, 
we start by investigating pullbacks; these serve as both a warmup and a 
useful tool for subsequent material. 

3.1.1. The standard construction of a puHback. We start by explicitly con- 
structing the pullback of a cospan. 

Definition 3.1.1. Let A s- C -« i? be a cospan of types and func- 
tions. The (standard) pullback Pb{f,g) of this cospan is defined as: 

Pb(/,g):= Yl U^-^gy) 

x:A,y:B 



with the obvious maps: 



Pbif,g)^^B . 



TTA 



A ^C 

f 

(This definition may be recast to parallel a traditional construction of the 
homotopy pullback in fibration categories [Bro73, Lem 1.3]: first fibrantly 
replace / by pj as in Lemma 2.2.11, obtaining 

Pf 

A >-C, 

f 

and then secondly, take the strict pullback of P/ along g as a fibration 
over C, obtaining X]fe:B hfib(/,5(c)) = J2b:B,a:A (/" ^ 9b), which is (strictly, 
externally) isomorphic to Pb{f,g) as defined above.) 

As a first basic property, note that the pullback is symmetric: there 
is an equivalence Pb(f,g) ~ Pb{g,f) commuting appropriately with the 
projections and canonical homotopy. 

Moreover, the construction of the pullback is functorial in {f,g); this 
requires a few extra definitions to state: 
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Definition 3.1.2. Let A^-^C^-^B and yl' — ^ C" -^-^ 5' be 
two cospans. A map h of cospans from (/, 5) to {f',g') consists of maps 
hA,hB, he and homotopies hf,hg: 

B 



A 



A' 






B' 



r 



X Y 



There is an identity map from any cospan to itself; also, there is an evident 
composition of cospan maps. 



Proposition 3.1.3. 

pullbacks Pb{f,g) — 
identities. 



A map of cospans h: {f,g) — ^if',g') induces a map of 
^Pb(f',g'). Moreover, this preserves composition and 



The most frequent application of this functoriality, in practice, is the in- 
variance of pullbacks under equivalences — that, for instance, given a cospan 



A- 



f 



C ■< B and an equivalence e: A' ~ A, there is an equivalence 

between the pullbacks Pb(/, g) and Pb(/-e, (7). This, and various other sim- 
ilar statements, are all easily obtained from the functoriality of Pb together 
with the lemma: 

Lemma 3.1.4. Suppose h = (Jia-, hs, he, hf, hg) is a cospan map from (/, g) 
to {f',g'), and hA, hs, he are equivalences. Then there is a cospan map 
h-':{f',g')- 
{h-^ -h-^ 1) 



■{f,g), inverse to h in that there are paths {h ■ h -w 1) and 



An interesting technical point arises here: rather than proving this and 
other facts about cospan maps directly, we deduce them from the analogous 
facts about commutative squares (considered as maps between functions). 
Most immediately, this slightly simplifies the proofs in the present section 
(since one does not have to write each construction out separately for the 
left and right legs of the cospan) ; but it also allows us to directly re-use the 
commutative squares material in Section 3.2, as the building blocks of the 
analogous facts about diagrams over general graphs. 



3.1.2. The universal property of pullbacks. Alternatively, we can character- 
ize pullbacks using a universal property. For the next few definitions, fix 



some cospan 



A- 



C 



B 
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Definition 3.1.5. Let X be any type. A cone fj, over {f,g) with vertex X 
consists of functions fiA, /J-B, and a homotopy ^c '■ f • fJ-A ^ g • fJ-B'- 

X MB 

\ ^ 

Write Cone{X;f,g) for the type of cones over {f,g) with vertex X. 

Cone(X; f,g) should be contravariantly functorial in X. We do not show 
this in full; but in particular, a map / : X' — *- X induces a map 

Cone(X; /, g) —^ Cone(X'; /, g), 

given by precomposing the components of the cone with /; for a cone /i, we 
denote this as fio f. Fixing a cone /i : Cone{X ; f , g) thus induces for any 
type X' a map 

(;, o -) : {X' ^X)^ Cone(X'; /, g). 

This allows us to define the universal property of pullbacks: 

Definition 3.1.6. A cone fi over {f,g), with vertex P, is an (abstract) 
pullback for {f,g) if for every small type X : U, the map {fi o — ) gives an 
equivalence (X ^^ P) ~ Cone{X ; f , g) . 

One can of course ask whether (/x o — ) is an equivalence for an arbitrary 
type X, not necessarily small; but to quantify over types, one must restrict 
to some universe. Even doing so, the resulting property of "being a pullback" 
is (a priori) as large as the universe used. It is, however, an h-prop (since 
being an equivalence is one). 

(For an investigation of left universal properties of inductive types, defined 
along similar lines, see [AGS12].) 

Proposition 3.1.7. The evident cone from the standard pullback Pb{f,g) 
(3.1.1) to {f,g) is an abstract pullback. 

Proof. By direct construction: any cone from some X to (/, g) induces a 
map X — ^Pb(/, g), and by functional extensionality, this construction is 
inverse to composition with the standard cone. D 

Proposition 3.1.8. If fi : Cone{X;f,g) and v : Cone(y;f,g) are both pull- 
backs for {f,g), then the unique map f : Y — ^ X such that (/x o / -w z/) 
(provided by the universal property of ^) is an equivalence. 

Conversely, if ^ : Cone{X;f,g) is any cone, and f : X c:^ Y an equiva- 
lence, then setting v := ^o f , fi is a pullback if and only if v is. 
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Proof. The following diagram commutes, and the maps X 
Y — s- (1 — > X) are equivalences: 
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(1 ^ X), 



Y ^{l^Y) 



f 



X 



{U0-) 

Cone(l;/,c/) 



It follows by 2-out-of-3 that if any two of /, (/io - 
so is the third. 



(z^o— ) are equivalences, 

D 



Corollary 3.1.9. A cone fi : Cone{X;f,g) is a pullback if and only if the 
induced map X — ^Pb{f,g) is an equivalence. 

Since any two interderivable h-props are necessarily equivalent, this prop- 
erty could be used as an alternative definition of /u being a pullback, with 
the advantage of being again a small type. 



3.1.3. Two pullbacks lemmas. 

Proposition 3.1.10 (Concrete two pullbacks lemma). For all f,g,h as 
in the diagrams below, the map Pb{g*f,h) — ^Pb{f,g ■ h) induced by the 
composition of the two squares is an equivalence: 



PHf,9-h) 




Proposition 3.1.11 (Abstract two pullbacks lemma). Suppose that in a 
rectangle 




the lower square is a pullback. Then the upper square is a pullback if and 
only if the outer rectangle is a pullback. 

Proof. Write n for the cone from P to {f,g); n' for the cone from P' to 
{g*f,h); and n" for the cone from P' to {f,g ■ h). Then for any X, the 
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following triangle commutes: 

^^, _^ Cone{X; g*f,h) 

{X -^ P') 

Cone{X;f,g-h) 

Here the vertical map denotes the composition of a cone on (g* f, h) with /x; 
and this can be shown (by direct construction) to be an equivalence. Hence 
by 2-out-of-3, {/j,' o —) is an equivalence if and only if {/j," o — ) is. D 

It should be noted that the arguments involved in showing the equivalence 
Cone(X; g* f, h) ~ Cone(X; f,g-h) are necessarily more involved than in the 
1-categorical setting, since they depend on comparing paths in types; in 
terms of the classical theory, this is more analogous to the corresponding 
lemma for quasi-pullbacks in a bicategory. 

3.1.4. Equalizers. 

Definition 3.1.12. Let f,g: A — ^B. The equalizer of / and g is defined 
as the type: 

Eql/,^) —^ifx---^ gx). 

x:A 

together with the projection vr: Eq(/, (7) — ^ A. 

As in classical category theory, pullbacks and equalizers can be defined in 
terms of each other. 

Proposition 3.1.13. The equalizer of any pair f,g: A — ^B is equivalent 
to the pullback of the paired map {f,g) : A — ^B x B and the diagonal As-' 

Eq(/,5)=:^Pb(AB,(/,ff)) ^A 

{f,9) 

B ^B X B 



Conversely, the pullback of any cospan A s^ C ■< B is equivalent 

to the equalizer of the pair 

f ■TTi,g-TT2: Ax B^C. 

3.1.5. Homotopy fibers and loop spaces. We next consider a couple of ex- 
amples which bring out the homotopical character of the theory — examples 
which in classical 1-category theory, and in the type theory with UIP, would 
be trivial, but which in the un-truncated type theory become non-trivial, 
corresponding to the classical theory of homotopy pullbacks. 
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For these we first need one piece of notation. Given a type B and an 
element b : B, write '~b~': 1 — ^B for the map sending the unique element 
* : 1 to 6. 

Example 3.1.14. Given a map /: A — >■ B and an element b : B, the 
homotopy fiber of / over b may equivalently be given as a pullback: 

hfib(/, b) ~ Pb(r&^, /) ^ A 

f 

' 

B 



Example 3.1.15. Given a type B and an element b : B, the space of loops 
in B based at b, Q^B, b) := (b -^b b) may be given as a pullback: 

n{B, b) ~ Pb(r6^, ^5^) ^ 1 



B. 



3.1.6. Properties of puUbacks. Various nice properties of maps are preserved 
under pullback. In proving such preservation properties, the following lemma 
is rather useful: 

Proposition 3.1.16. Given A ^ C ^ B , the homotopy fiber of the 

f*g over a point a : A is equivalent to the homotopy fiber of g over f{a). 

Proof. This follows from Example 3.1.14 combined with the two pullbacks 
lemma. D 

Prom this, we can immediately obtain: 

Corollary 3.1.17. Let A ^C^ B be a cospan. If f is an equiva- 
lence, then so is the projection ttb from the pullback. 

Similarly, any property of maps that can be characterized fiberwise is 
stable under pullback. 

3.2. Limits. Generalizing the constructions of pullbacks and equalizers above, 
we move to limits for diagrams over arbitrary graphs. 

3.2.1. Graphs and diagrams. 

Definition 3.2.1. A graph G consists of: 

• a type Go (the vertices or objects of G); and 

• for each i,j : Gq, a type Gi{i,j) (the edges or arrows from i to j). 

Definition 3.2.2. A diagram D on a graph G consists of: 

• for each vertex i: Go, a type Do^i); 

• for each arrow g : Gi{i,j) of G, a map Di{g) : D{i) — ^ D{j). 
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For both graphs and diagrams, we will often suppress the subscripts when 
they are clear from context. 

Example 3.2.3. To recover cospans as an example of these diagrams, one 
can define a graph by taking Gq to be the type with three elements, {/, m, r} 
and let Gi be given by: 

• G{l,m) :=1, 

• G{r,m) := 1, 

• G{i,j) := otherwise. 

A diagram D over this graph corresponds precisely to a cospan: 

D(r) 



D{1) ^D{m) 

3.2.2. The universal property of limits. 

Definition 3.2.4. Given a diagram D on a graph G, a cone fi on D with 
vertex X consists of: 

• for each i : Gq, a map n'- : X — ^DQ{i); 

• for each arrow g : Gi{i,j), a homotopy fig-. Di{g) • ^? => ^u^. 

Write Cone(X; D) for the type of cones on D with vertex X. 

Again, we usually suppress the subscripts, writing just ;Uj, /ij. 

As with cones over cospans, Cone(X; D) is functorial in X] a map / : X' — ^X 
and a cone ^ : Cone(X; D) may be composed to give a cone fiof : Cone(X; D). 
This now lets us generalize the definition of the universal property: 

Definition 3.2.5. Let D be a diagram on the graph G. A cone ^ over D, 
with vertex L, is an (abstract) limit for D if for every small type X : U, the 
map (/U o — ) : (X — )■ L) — s^ Cone(X; D) is an equivalence. 

By abuse of notation, we often speak of L being the limit of D, when the 
cone /U is implicit. 

Most of the theorems of the preceding section generalize immediately. In 
particular. 

Proposition 3.2.6. Given any two limit cones for the same diagram, the 
canonical map between their vertices is an equivalence; conversely, the com- 
position of any limit cone with an equivalence is again a limit cone. 

Again as in the previous section, there is a standard construction of the 
limit: 

Definition 3.2.7. Let D be a diagram over a graph G. The (standard) 
limit LimD is the type of pairs (x,q), where 

• " '■ \{i,r.Go,g:G{i,'j)iiD{g){xi) ^ Xj)). 
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There is an evident cone from L\mD to D, and as one would hope, 

Proposition 3.2.8. Lim(Z)) is an abstract limit for D. 

Proposition 3.2.9. A cone /i from X to some diagram D is a limit for D 
if and only if the map X — s- LimD induced by fi is an equivalence. 

One again, we may define maps of diagrams, and show that Lim is func- 
torial in such maps, and in particular, is functorial in equivalences. Since 
graphs, diagrams, and limits are all simply built up from arrows, these def- 
initions and results follow straightforwardly once one has given the basic 
case of commutative squares, seen as maps between functions. 

3.2.3. Examples and properties. 

Example 3.2.10. In Example 3.2.3, we saw that cospans correspond to 
diagrams over a certain graph. Then cones over these diagrams correspond 
to cones over the cospans, as originally defined; and a diagram-cone is a 
limit exactly if the corresponding cospan-cone is a pullback. 

Example 3.2.11. Just as in the classical 1-categorical theory, the limit over 
a diagram D may be constructed as an equalizer of maps between products: 

Yl D{i) ^YlD{i) 

i,j:G,g:G(i,j) i-G 

Various useful facts are also straightforward to deduce from the standard 
construction; for instance. 

Proposition 3.2.12. If D is a diagram on some graph, and each type D[i) 
has h-level n, then LimD has h-level n; hence via the canonical equivalence, 
so does any other limit for D. 

3.2.4. Why not categories? One might reasonably ask here: why have we 
considered limits only over graphs, not over categories as is usual in the 
1-categorical theory? 

The problem — as ever in homotopical settings — is one of coherence. Defin- 
ing a category internally is roughly analogous to defining an (cx), l)-category 
externally; that is, it requires not only identity, composition, associativity, 
and the like, but also higher-dimensional data ensuring the coherence of the 
paths witnessing the associativity axioms, and so on in arbitrarily high di- 
mensions. While we hope that this will eventually be possible in the type 
theory, it is currently far from clear how to present it. 

In defining categories, this problem can be avoided by putting h-level re- 
strictions on the morphisms; see [AKS13] for a development of the resulting 
theory. However, to talk about diagrams of arbitrary types over such cat- 
egories would once again require an infinite family of coherence conditions, 
essentially since one is presenting an oo-functor into the (cx), l)-category of 
all types, which is not generally of any finite h-level. 
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However, working with graphs avoids these issues entirely: a map out of a 
graph (or equivalently, out of the free category thereon) consists purely of 0- 
and l-dimensional data, with no coherence required. (More generally, one 
could use a similar approach to describe diagrams over finite-dimensional 
computads, or semi-simp licial objects, without confronting coherence is- 
sues.) 

3.3. Pointed types and fiber sequences. 

3.3.1. Definitions. 

Definition 3.3.1. A pointed type (A, oq) is a type A, together with an 
element ao : A, the basepoint. (We will often refer to the both pointed type 
and its underlying type as A, and write pt{A) for the basepoint.) 

A map of pointed types (or pointed map) {f,p): {A,ao) — ^(5,6o) consists 
of a function /: A — ^B, together with a path p : (/(qq) ~^b ^o))- (Again, 
we will often write / for the whole pointed map, and write pt(/) for its 
associated path.) 

The loop space construction 0, lifts naturally to a map from pointed types 
to pointed types, setting flA := {{ptA -^ ptA), refl(ptyl)). One can there- 
fore iterate it, giving the n-fold loop spaces fi^yl of a pointed type. More- 
over, this has an associated action on maps. A pointed map / : A — ^ B 
induces a pointed map ^(f). ^A — ^QB, with underlying map sending 
q: (ptA-^ ptA) to '^ . f[q] .pt f : {ptB^ ptB). 

Similarly, the homotopy fiber construction hfib lifts naturally to the pointed 
world. Given a pointed map /: A — ^ B, write hfib(/) for the pointed 
type given by hfib(/, ptS), with basepoint {ptA,ptf); and the inclusion 
hfib(/) — ^ A is again a pointed map. 

3.3.2. The long exact sequence theorem,. As an application of the above 
tools, we can now recover the long exact sequence associated to a pointed 
map. 

Definition 3.3.2. A fiber sequence is a pair of pointed maps F ^E »-B, 

together with an equivalence F ~ hfib(/) commuting with the inclusion 
MMf)^E. 

Note that up to canonical equivalence, a fiber sequence is determined 
simply by the single pointed map E — ^B. 

Theorem 3.3.3. Given a pointed map f : E — ^B, there is a sequence of 
maps: 

... ^- n'^B ^QF^QE^nB^F^E^B 

in which every pair of consecutive maps forms a fiber sequence. 
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Proof. Taking F := hfib(/), it is sufficient to prove that the homotopy fiber 
of the inclusion F — ^E is equivalent to QB; subsequent stages follow by 
iteration. One can prove this equivalence by direct construction; alterna- 
tively, the results of Section 3.1 allow us to give a rather more conceptual 
proof, due originally to Mather [Mat 76, Lem. 32]: 



ptB^ 



By the two pullbacks lemma, the pullback of the left-hand square is 
equivalent to the pullback of the whole rectangle. But by Examples 3.1.14 
and 3.1.15, these pullbacks are respectively equivalent to the homotopy fiber 
of F — ^E, and to the loop space QB. D 

4. Reflections on the formal verification 

Formalizing the constructions Sections 2 and 3 was often straightforward: 
many of the definitions are very naturally expressed in the language of type 
theory, and verifying their properties is often just a matter of unpacking def- 
inition and applying straightforward logical manipulations and background 
facts. Sometimes, however, additional effort was required. In this section, 
we survey some of the practical lessons learned during the formalization. 

4.1. Limitations. One fundamental challenge that arises comes from work- 
ing purely in the type theory. In classical approaches to homotopy theory, 
one always has an extra external scaffolding available, with (in particular) 
strict, on-the-nose equality on all types of objects. One typically expects the 
main results and constructions to respect appropriate notions of equivalence, 
but one is free to use intermediate constructions that do not. 

Developing the homotopy theory in HoTT, we are constrained to work 
entirely in a homotopy-invariant manner, rendering some classical techniques 
unavailable. In most cases, some fully invariant approach is reasonably 
apparent; but sometimes, one is not. We saw such a case in Section 3.2: 
we do not know how to represent the notion of a diagram over an arbitrary 
category, and so restricted attention to (diagrams and limits over) graphs. 

4.2. Proof-relevance. Another difficulty lies in getting used to thinking 
of proofs of equalities as constructions that one might need to prove things 
about later on. 

In traditional formalizations, equalities are proof-irrelevant: different proofs 
of the same equality are not logically distinguishable. In Coq, for instance, 
one could safely end them with the keyword Qed, which renders them opaque, 
meaning that one cannot later access their contents. In traditional mathe- 
matics, this makes sense; once one has an equality, one only needs the fact 
that it holds, treating the proof as a black box. 
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In HoTT, however, equality is proof-relevant: a path type may have mul- 
tiple logically distinct inhabitants. When constructing equality proofs in 
this setting, one typically needs to end an equality proof with the keyword 
Defined, allowing the user to unfold that definition later on. The specifics 
of the proof matter; one tries to keep proofs as clean and short as possible, 
using lemmas and constructions with known, previously proven properties. 
Unfortunately, this means that several of Coq's powerful tactics (notably 
the rewrite family) are somewhat unsatisfactory in our setting: the paths 
they produce are difficult to reason about later. 

On the other hand, some important statements remain proof- irrelevant. If 
a type has been shown to be an h-prop, one knows that any two elements of 
it are canonically equal; so one may make such an element opaque without 
losing any logical content. Even so, it is often convenient to leave such 
objects transparent, to retain their computational content. 

For instance, for a function f , the type is_equiv f (the property that f 
is an equivalence) is an is an h-prop; so in principle one may safely render 
a proof of this opaque. However, one often uses such a proof to produce an 
inverse for f ; if the proof was transparent, then the resulting inverse will 
retain computational properties from its construction, whereas if the proof 
is opaque, one must reason explicitly about the action of the inverse. We 
formed no clear convention on this: sometimes it turned out more convenient 
to keep such proofs transparent, for easier reduction in later proofs; in other 
case, this was unnecessary, and making the proofs opaque gave more efficient 
compilation. 

4.3. Constructing paths. The most fundamental type constructor in ho- 
motopy type theory is the type of paths, and the most challenging parts of 
proofs usually involved constructing paths between complex objects. Given 
the subject matter, we never had to pass beyond the 2-categorical level, 
constructing paths between paths; but even so, this required a good deal of 
care, and facility with path algebra. 

One recurring situation was the construction of paths between elements 
of a dependent sum, or elements of a record type with dependencies be- 
tween components. For example, if (a, b) and (a', b') are elements of a type 
^^.^i?(x), constructing a path between these two elements involves con- 
structing a path p from a to a' , and then constructing a path q from the 
transport of b along p to b'. Thus in general we have: 

Lemma total_paths {A : Type} {B : A -> Type} 

{s s' : total B} 

(p : paths (prl s) (prl s')) 

(q : paths (transport p (pr2 s)) (pr2 s')) 
: paths s s ' . 
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where prl and pr2 denote the two projections from the total space '^^-A B{x). 
For interactive, tactic-based proofs, we generally found it useful to bundle 
the arguments p, q into a single structure: 

Lemma total_paths' {A : Type} {B : X -> Type} 

{s s' : total B} 
: { p : prl s = prl s' & p # pr2 s = pr2 s' } -> s = s' . 

Recall that here { p : prl s = prl s' & p # pr2 s = pr2 s' } is no- 
tation for a dependent sum, denoting the type of pairs (p, q) as above. When 
constructing a path between elements of a dependent sum, even when p is 
explicitly available, applying (total_paths p) sometimes fails to infer im- 
plicit arguments. Instead, applying total_paths' leaves the goal of provid- 
ing the pair {p,q), providing the user explicitly with their required types. 
The tactic exists p can then be used to give the first component, leaving 
the goal of constructing the second path q interactively. 

The problem is that transport is rather difficult to work with. There are 
many library lemmas about how its behaviour depends on the dependent 
type B, which in principle allow one to work with transported terms; but we 
found it more convenient to directly give tailored variants of total_paths 
for each specific S- and record type. 

For example, taking a cospan / : A — ^C, g : B — ^C, the standard pullback 
of / and g is given by the type Ylx-AyBif^ ~^ dv)- Using total_path 
to provide a path in this type between triples (x; (y;p)), (x' ; (y' ;p')) 
would require three paths q : x = x',r : q#y = y', and s : r # q 
# p = p'. Notice, however, that in this case the second component, y, 
does not depend on x, so the transport is trivial; and moreover, the doubly- 
transported third component can be explicitly described as a composite. 
Thus, one can provide the following lemma to construct a path between two 
elements of the standard pullback: 

Definition pullback_path' {ABC: Type} {f : A -> C} 

{g : B -> C} (u u' : pullback f g) 
: { q : pullback_proj 1 u = pullback_pro j 1 u' 

& {r : pullback_proj2 u = pullback_proj2 u' 

& ! (map f q) (pullback_comm u) @ (map g r) 
= pullback_comm u' } } 
-> u = u' . 

The process of analyzing the canonical data for presenting a path between 
elements of a complex type, and writing lemmas to construct and work with 
such paths, was crucial to the formalization. 

To consider one last example of this sort, recall that a cospan cone, that 
is, a diagram on the data /, g above, consists of a space, X, and maps h and 
k from X to A and S, respectively, making the diagram commute. 

Definition cospan_cone {ABC: Type} (f : A -> C) 



26 JEREMY AVIGAD, KRZYSZTOF KAPULKIN, AND PETER LEFANU LUMSDAINE 

(g : B -> C) (X : Type) 
:= { h : (X -> A) & 

{ k : (X -> B) & forall x, paths (f(h x)) (g(k x)) ». 

A path between two such cones involves, in particular, a path between the 
family of paths in the third component: 

Definition cospan_cone_path 

{ABC: Type} {f : A -> C> {g : B -> C} {X : Type} 
{Phil Phi2 : cospan_cone f g X} 

(p : cospan_cone_mapl Phil = cospan_cone_mapl Phi2) 
(q : cospan_cone_map2 Phil = cospan_cone_niap2 Phi2) 
(r : forall x:X, 
cospan_cone_conini Phil x 
= (map f (happly p x) ) 

cospan_cone_conim Phi2 x 
@ ! (map g (happly q x) ) ) 
: Phil = Phi2. 

Here, cospan_cone_mapl, cospan_cone_map2, and cospan_cone_comm refer 
to the three components of a cospan cone in the preceding definition. As 
with total_paths, we also give a version cospan_cone_path' that packages 
the required components into a dependent sum, and is often more convenient 
in interactive proofs. 

The advantage to these formulations is that is comparatively straightfor- 
ward (using lemmas from the HoTT library) to reason about operations like 
map, happly, f unext, and their interactions with each other, as well as with 
path operations such as concatenation and inversion. 

Returning to the question of this path-algebra itself, we found the for- 
malization to require significant facility with such calculations. The HoTT 
library has a number of tactics for automating common manipulations and 
simplifications, but we found these tactics generally slowed down the proof- 
checker significantly. So, for the most part, we ended up giving such calcu- 
lations by hand, building them explicitly from basic lemmas. 

4.4. General strategies. We found it important to develop our theories 
and proofs in a modular way. The value of modularity in interactive theo- 
rem proving is well understood (see, for example, [G^13]), but in the context 
of homotopy type theory, it takes on additional significance. For one thing, 
many statements involving paths can only be proved when stated in full gen- 
erality (to make available the elimination for Id-types). As a consequence, 
some facts cannot be derived in the course of a proof, on the fly, but have to 
be expressed independently. The fact that one often needs to reason about 
the construction of paths provides an additional reason to construct such 
proofs out of individually-named component lemmas: doing so allows one 
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derive properties of the components individually, and then invoke these prop- 
erties later on. In other words, reasoning about a niodularly-constructed 
proof allows one to work with the individual lemmas and unpack their con- 
tents selectively, as needed. In contrast, the failure to modularize can result 
in formal terms that are overwhelming in complexity. 

Perhaps the most important lesson we learned was not to expect too 
much from an interactive theorem prover. Although homotopy type theory 
provides a powerful framework to support homotopy-theoretic reasoning, 
one still needs a thorough understanding of the relevant mathematics. To 
get some of the more complex proofs and constructions to work, we found it 
vitally important to find the right definitions, the right way of formulating 
assertions, the right supporting infrastructure, and the right proof strategies. 
This required thinking carefully about the mathematical content, avoiding 
the temptation to simply dive in and hack. 

This should not suggest that Coq was no help at all. Indeed, Coq was 
excellent for helping us keep track of definitions and formulate statements 
correctly. Especially for more complex path-constructions, applying stan- 
dard rules to unwrap and reduce the contents of a goal type was an extremely 
useful aid to finding the term required. In practice, we found ourselves go- 
ing back and forth between the blackboard and Coq, using Coq to negotiate 
the inevitable syntactic bureaucracy, and then returning to the blackboard 
to recoup intuitions and plan proof-strategies. In this way, Coq earned its 
keep, serving as a "proof assistant" in a very real sense. 

4.5. A case study: the t^vo puUbacks lemma. We close with a dis- 
cussion of the abstract two pullbacks lemma. Proposition 3.1.11, by way 
of illustration. Somewhat to our surprise, this turned out to be the most 
difficult proof in our formalization. In the end, we tried three substantially 
different approaches before finding one satisfactory. 

Consider for now just the forward direction of Proposition 3.1.11, which 
states that if both squares have the universal property of pullbacks, then so 
does the composite. Let /: A — ^C, g: B — ^C, h: B' — ^C, and k: P — ^B 
denote the maps so labeled in the diagram there. Our first approach invoked 
the concrete two pullbacks lemma. Proposition 3.1.10, which states that 

Pb{g*f,h)^Pb{f,g-h). 

We then derived the following chain of equivalences, using the fact that cones 
from X to the cospan (/, g) are equivalent to maps from X to the standard 
pullback: 

(X^Ps) ^ Cone{X; k,h) 

~ {X^Ph{k,h)) 

^ {X^Ph{g*f,h)) 

^ {X^Pbif,g-h)) 

~ Cone{X;f,g-h). 
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Here the second and last equivalences are just the universal properties of 
the concrete pullbacks. The notation g* f in the third equivalence denotes 
the pullback of / along g according to the concrete pullback construction; 
this equivalence relies on the fact that any abstract pullback is equivalent 
to the concrete one, and the fact that the concrete pullback construction 
is functorial. The equivalence of the left- and right-hand sides of the chain 
above almost gives what we want: however, the universal property for the 
outer pullback square requires not just that an equivalence exists, but that 
the canonical map from X — ^ P2 to Cone(X; f,g-h) is an equivalence. 

What remains is thus to show that the map we have just constructed is 
homotopic to the canonical one! This, however, turned out to be extremely 
difficult. The problem was a failure of modularity: all we could do was 
unwrap the long, complicated term, and calculate. We managed to do this, 
but although the tactic engine declared the effort successful, we were unable 
to get it past the type-checker (presumably because the resulting term was 
too large). 

Our second approach involved constructing the desired inverse by hand. 
Any cone fi : Cone(X; f,g-h) over the outer cospan can be reinterpreted as 
a cone fj,' : Cone(X; /, g) over the bottom cospan. Applying the universal 
property of the cone from Pi, we obtain a map mi: X — ^ Pi inducing 
IJ,'; we can then take mi as the first leg of a cone fi" : Cone{X;k,h) on 
the top cospan. Applying the universal property of the cone on P2 then 
gives a map m2'- X — ^ P2, as desired. However, the task of proving that 
this construction is indeed a two-sided inverse for (fi o —) turned out to be 
difficult. For example, the first task requires one to show that, starting with 
a cone fj, : Cone{X;f,g ■ h), carrying out the procedure above to obtain a 
map from X to P2 and then taking the induced cone, the resulting cone 
v : Cone{X;f,g) is connected by a path to the original /i. As described in 
Section 4.3, this involves showing not only that the component maps agree, 
but also that the resulting families of equality proofs agree as well; this turns 
out to be an interesting but laborious exercise in bicategorical path-algebra. 

We finally settled on the approach described in Section 3.1.3, which es- 
tablishes both directions of Proposition 3.1.11 simultaneously. Showing that 
the type Cone(X; k, h) of cones on the top cospan is equivalent to the type 
Cone(X; f,g-h) of cones on the outer cospan required some effort, but the 
result was still considerably cleaner than either of the previous proofs. With 
that in hand, all that remained was to show that the triangle depicted in the 
proof of Proposition 3.1.11 in Section 3.1.3 commutes. To our very pleasant 
surprise, this fact had a one-line proof in Coq: 

Lemma two_pullback_triangle_commutes {PI : Type} 

(CI : cospan_cone f g PI) 

{P2 : Type} (C2 : cospan_cone (cospan_cone_map2 CI) h P2) 

{X : Type} (m : X -> P2) 
: top_cospan_cone_to_composite CI (map_to_cospan_cone C2 X m) 
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= inap_to_cospan_cone (top_cospan_cone_to_composite CI C2) X m. 
Proof. 

exact (idpath _) . 
Defined. 

In other words, the left- and right-hand sides are definitionally equal. 
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